https://www.pluginvulnerabilities.com/2017/04/03/cross-site-request-forgery-csrfform-submission-deletion-vulnerability-in-contact-form-7-database/

While looking over another vulnerability in the plugin Contact Form 7 Database we also noticed that it lacked protection against cross-site request forgery (CSRF) when deleting the form submissions that it stores.

The following code in the file /admin/table.php handles processing requests to delete form submissions:

129 130 131 132 133 134 135 136 137 138

Powered by WPeMatico

Canadian Web Hosting [Ad]

Canadian Web Hosting [Ad]